The global pandemic has disrupted industries and economies across the world, and yet the pace of M&A transactions continues; foreign investors and their counsel must keep pace with the evolving scope and approach of the Committee on Foreign Investment in the U.S. (CFIUS) to avoid transaction failures.
A recent change to export control classification provides more clarity, but CFIUS will be watching closely in deals involving cutting-edge technology, sensitive data, critical infrastructure, and investments in real estate near sensitive government facilities.
Additional CFIUS Scrutiny Now in Place
Congress significantly expanded CFIUS’s jurisdiction in several ways in 2018 and final implementing regulations went into full effect this year. The Foreign Investment Risk Review Modernization Act (FIRRMA) has significantly added to the type, and number, of transactions that will be subject to review.
Since its inception in 1975, CFIUS has worked as an inter-agency committee of the U.S. government to review the national security implications of foreign investments in American companies or operations. Before February, CFIUS reviewed only those transactions in which a foreign entity intended to buy a controlling interest in a U.S. business.
Now, CFIUS is responsible for reviewing non-controlling investments by foreign entities, where the investment gives those entities access to material, non-public technical information or provides management control such as veto rights or a board seat.
Second, CFIUS also is empowered to review real estate transactions near sensitive government facilities.
Third, FIRRMA requires mandatory filings for investments in U.S. businesses that involve “critical technologies,” and CFIUS has identified technologies in 27 categories as defined by North American Industry Classification System (NAICS) codes as “critical.”
Many more investors in and sellers of U.S. businesses, technology, and real estate need to be concerned about a CFIUS review of their transactions.
NAICS to Be Replaced by Export Controls
The breadth and timing of these changes caused challenges almost immediately upon implementation. The NAICS codes were vague and subject to interpretation, resulting in significant uncertainty and possible risk for businesses and investors. These deficiencies quickly became apparent.
CFIUS will soon utilize the U.S. export control classification, rather than NAICs, for services or products to determine if export-controlled critical technology is in play and, therefore, requiring a review. This change recognizes that export classifications already consider variables such as national security, foreign policy, limited supply, and other national policies.
How Dealmakers and Counsel Can Prepare
Now more than ever, foreign investors and their deal teams must take a proactive look at export classifications, and licensing and authorization requirements under the International Traffic in Arms Regulations (ITAR); the Export Administration Regulations (EAR); and export, import, and assistance regulations covered by the Department of Energy and the U.S. Nuclear Regulatory Commission that apply to a subject business.
This assessment will help determine whether the transaction involves “critical technologies” and, therefore, triggers the mandatory CFIUS filing obligation.
It is important to note that certain license exceptions will eliminate the need for a mandatory CFIUS filing, particularly if the products pose a lower risk of unauthorized or impermissible end uses. Third-party experts, especially those with firsthand global trade controls and CFIUS expertise, are invaluable in this evaluation and can offer recommendations to help prevent future transaction failures.
Further, while CFIUS’ new export control classification criteria are more transparent, dealmakers should also expect confidential scrutiny by the U.S. government of business partners and investors, and reviews of the entity’s prior export controls compliance track record.
Investigation into past compliance behavior, along with intelligence-gathering on individuals’ backgrounds and relationships is not uncommon.
Experts in compliance and investigations can be helpful in pre-deal review risk evaluation, in considering the likely scope and timing of a review, and in positioning if under review.
Businesses might consider a third party to conduct an independent “mock audit,” holistic compliance program review, or both to determine if any ongoing relationships or past transgressions present a potential national security risk from the committee’s perspective. These experts can also be tapped to provide objective insight on potential supply chain and third-party risks that could affect deal ROI.
Export Controls and Mitigation
Historically, CFIUS has approved most transactions. In many cases, however, CFIUS approval comes with an agreement requiring processes and procedures to mitigate any perceived threat to national security. The percentage of cleared transactions which include mitigation agreements has been increasing in each of the past three years.
Experience to date shows us that companies with significant export controls are likely to have some form of mitigation. These agreements can have significant operational and competitive impact and, thus, should be carefully and completely evaluated to set-up the business for success post-CFIUS approval.
For example, mitigation agreements often have provisions requiring specified operational procedures. These provisions are negotiable and can also provide a company with the opportunity for innovation and competitive advantage, if framed correctly.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Scott Boylan is partner with StoneTurn with experience in advising public and private sector organizations on international legal and business issues, including trade compliance, investment security and government contracting. He has been involved in all aspects of the CFIUS, from negotiating mitigation agreements to establishing and leading compliance protocols for mitigated companies.
Joshua Holzer is a partner with StoneTurn with public and private sector experience in compliance, risk assessment and mitigation, and investigations. As an international trade expert, he draws on his work as in-house counsel, in government, and in private practice to help clients identify and manage risk.